;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014, 2015, 2018, 2019 Eric Bavier ;;; Copyright © 2014-2024 Ludovic Courtès ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2016 Andreas Enge ;;; Copyright © 2017 Dave Love ;;; Copyright © 2017, 2022 Efraim Flashner ;;; Copyright © 2018–2022 Tobias Geerinckx-Rice ;;; Copyright © 2018 Paul Garlick ;;; Copyright © 2019, 2021 Ricardo Wurmus ;;; Copyright © 2024 Romain Garbage ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in th
aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2024 Wojtek Kosior <koszko@koszko.org>
;;; Additions and modifications by Wojtek Kosior are additionally
;;; dual-licensed under the Creative Commons Zero v1.0.
;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@autistici.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system accounts)
  #:use-module (guix records)
  #:use-module (ice-9 match)
  #:use-module (ice-9 vlist)
  #:use-module (srfi srfi-8)
  #:use-module (srfi srfi-26)
  #:export (user-account
            user-account?
            user-account-name
            user-account-password
            user-account-uid
            user-account-group
            user-account-supplementary-groups
            user-account-comment
            user-account-home-directory
            user-account-create-home-directory?
            user-account-shell
            user-account-system?

            user-group
            user-group?
            user-group-name
            user-group-password
            user-group-id
            user-group-system?

            user-extra-groups
            user-extra-groups?
            user-extra-groups-user
            user-extra-groups-groups

            merge-extra-groups-data

            subid-range
            subid-range?
            subid-range-name
            subid-range-start
            subid-range-count
            subid-range-end
            subid-range-has-start?
            subid-range-less

            sexp->user-account
            sexp->user-group
            sexp->subid-range

            default-shell))


;;; Commentary:
;;;
;;; Data structures representing user accounts and user groups.  This is meant
;;; to be used both on the host side and at run time--e.g., in activation
;;; snippets.
;;;
;;; Code:

(define default-shell
  ;; Default shell for user accounts (a string or string-valued gexp).
  (make-parameter "/bin/sh"))

(define-record-type* <user-account>
  user-account make-user-account
  user-account?
  (name           user-account-name)
  (password       user-account-password (default #f))
  (uid            user-account-uid (default #f))
  (group          user-account-group)             ; number | string
  (supplementary-groups user-account-supplementary-groups
                        (default '()))            ; list of strings
  (comment        user-account-comment (default ""))
  (home-directory user-account-home-directory (thunked)
                  (default (default-home-directory this-record)))
  (create-home-directory? user-account-create-home-directory? ;Boolean
                          (default #t))
  (shell          user-account-shell              ; gexp
                  (default (default-shell)))
  (system?        user-account-system?            ; Boolean
                  (default #f)))

(define-record-type* <user-group>
  user-group make-user-group
  user-group?
  (name           user-group-name)
  (password       user-group-password (default #f))
  (id             user-group-id (default #f))
  (system?        user-group-system?              ; Boolean
                  (default #f)))

(define-record-type* <user-extra-groups> user-extra-groups
  make-user-extra-groups
  user-extra-groups?
  (user           user-extra-groups-user)
  (groups         user-extra-groups-groups))      ; list of strings

(define (user-account-extend account extra-groups)
  (match-record account <user-account> (name supplementary-groups)
    (user-account
     (inherit account)
     (supplementary-groups (apply append supplementary-groups
                                  (vhash-fold* cons '()
                                               name extra-groups))))))

(define (merge-extra-groups-data accounts-data)
  (let* ((extra-groups-alist (map (match-record-lambda <user-extra-groups>
                                      (user groups)
                                    (cons user groups))
                                  (filter user-extra-groups? accounts-data)))
         (extra-groups (alist->vhash extra-groups-alist))
         (user-accounts (map (cut user-account-extend <> extra-groups)
                             (filter user-account? accounts-data)))
         (other-records (filter (lambda (record)
                                  (not (or (user-account? record)
                                           (user-extra-groups? record))))
                                accounts-data)))
    (append other-records user-accounts)))

(define-record-type* <subid-range>
  subid-range make-subid-range
  subid-range?
  (name           subid-range-name)
  (start          subid-range-start (default #f))    ; number
  (count          subid-range-count                  ; number
                  ; from find_new_sub_gids.c and
                  ; find_new_sub_uids.c
                  (default 65536)))

(define (subid-range-end range)
  "Returns the last subid referenced in RANGE."
  (and
   (subid-range-has-start? range)
   (+ (subid-range-start range)
      (subid-range-count range)
      -1)))

(define (subid-range-has-start? range)
  "Returns #t when RANGE's start is a number."
  (number? (subid-range-start range)))

(define (subid-range-less a b)
  "Returns #t when subid range A either starts before, or is more specific
than B.  When it is not possible to determine whether a range is more specific
w.r.t. another range their names are compared alphabetically."
  (define start-a (subid-range-start a))
  (define start-b (subid-range-start b))
  (cond ((and (not start-a) (not start-b))
         (string< (subid-range-name a)
                  (subid-range-name b)))
        ((and start-a start-b)
         (< start-a start-b))
        (else
         (and start-a
              (not start-b)))))

(define (default-home-directory account)
  "Return the default home directory for ACCOUNT."
  (string-append "/home/" (user-account-name account)))

(define (sexp->user-group sexp)
  "Take SEXP, a tuple as returned by 'user-group->gexp', and turn it into a
user-group record."
  (match sexp
    ((name password id system?)
     (user-group (name name)
                 (password password)
                 (id id)
                 (system? system?)))))

(define (sexp->user-account sexp)
  "Take SEXP, a tuple as returned by 'user-account->gexp', and turn it into a
user-account record."
  (match sexp
    ((name uid group supplementary-groups comment home-directory
           create-home-directory? shell password system?)
     (user-account (name name) (uid uid) (group group)
                   (supplementary-groups supplementary-groups)
                   (comment comment)
                   (home-directory home-directory)
                   (create-home-directory? create-home-directory?)
                   (shell shell) (password password)
                   (system? system?)))))

(define (sexp->subid-range sexp)
  "Take SEXP, a tuple as returned by 'subid-range->gexp', and turn it into a
subid-range record."
  (match sexp
    ((name start count)
     (subid-range (name name)
                  (start start)
                  (count count)))))
generated by cgit
"--with-libevent" ;; Help 'orterun' and 'mpirun' find their tools ;; under $prefix by default. "--enable-mpirun-prefix-by-default" ;; InfiniBand support "--enable-openib-control-hdr-padding" "--enable-openib-dynamic-sl" "--enable-openib-udcm" "--enable-openib-rdmacm" "--enable-openib-rdmacm-ibaddr" ;; Enable support for the 'Process Management ;; Interface for Exascale' (PMIx) used e.g. by ;; Slurm for the management communication and ;; coordination of MPI processes. "--with-pmix=internal" ;; Enable support for SLURM's Process Manager ;; Interface (PMI). ,(string-append "--with-pmi=" #$(this-package-input "slurm"))) #:phases #~(modify-phases %standard-phases ;; opensm is needed for InfiniBand support. (add-after 'unpack 'find-opensm-headers (lambda* (#:key inputs #:allow-other-keys) (setenv "C_INCLUDE_PATH" (search-input-directory inputs "/include/infiniband")) (setenv "CPLUS_INCLUDE_PATH" (search-input-directory inputs "/include/infiniband")))) (add-before 'build 'remove-absolute (lambda _ ;; Remove compiler absolute file names (OPAL_FC_ABSOLUTE ;; etc.) to reduce the closure size. See ;; ;; and ;; . (substitute* '("orte/tools/orte-info/param.c" "oshmem/tools/oshmem_info/param.c" "ompi/tools/ompi_info/param.c") (("_ABSOLUTE") "")) ;; Avoid valgrind (which pulls in gdb etc.). (substitute* '("./ompi/mca/io/romio321/src/io_romio321_component.c") (("MCA_io_romio321_COMPLETE_CONFIGURE_FLAGS") "\"[elided to reduce closure]\"")))) (add-before 'build 'scrub-timestamps ;reproducibility (lambda _ (substitute* '("ompi/tools/ompi_info/param.c" "orte/tools/orte-info/param.c" "oshmem/tools/oshmem_info/param.c") ((".*(Built|Configured) on.*") "")))) (add-after 'install 'remove-logs ;reproducibility (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) (for-each delete-file (find-files out "config.log")))))))) (home-page "https://www.open-mpi.org") (synopsis "MPI-3 implementation") (description "The Open MPI Project is an MPI-3 implementation that is developed and maintained by a consortium of academic, research, and industry partners. Open MPI is therefore able to combine the expertise, technologies, and resources from all across the High Performance Computing community in order to build the best MPI library available. Open MPI offers advantages for system and software vendors, application developers and computer science researchers.") ;; See file://LICENSE (license license:bsd-2))) (define-public openmpi openmpi-4) (define-public openmpi-5 (package (inherit openmpi) (version "5.0.3") (source (origin (method url-fetch) (uri (string-append "https://www.open-mpi.org/software/ompi/v" (version-major+minor version) "/downloads/openmpi-" version ".tar.bz2")) (sha256 (base32 "02x9xmpggw77mdpikjjx83j6i4v3gkqbncda73lk5axk0vr841cr")))) (inputs (modify-inputs (package-inputs openmpi) ;; As of Open MPI 5.0.X, PMIx is used to communicate ;; with SLURM, so SLURM'S PMI is no longer needed. (delete "slurm") (append ucx) ;for Infiniband support (append openpmix) ;for PMI support (launching via "srun") (append prrte))) ;for PMI support (launching via "srun") (native-inputs (modify-inputs (package-native-inputs openmpi) (append python))) (outputs '("out" "debug")) (arguments (list #:configure-flags #~(list "--enable-mpi-ext=affinity" ;cr doesn't work "--with-sge" #$@(if (package? (this-package-input "valgrind")) #~("--enable-memchecker" "--with-valgrind") #~("--without-valgrind")) "--with-hwloc=external" "--with-libevent" ;; This replaces --enable-mpirun-prefix-by-default wich is deprecated ;; since 5.x. "--enable-prte-prefix-by-default" ;; Enable support for the 'Process Management Interface for Exascale' ;; (PMIx) used e.g. by Slurm for the management communication and ;; coordination of MPI processes. (string-append "--with-pmix=" #$(this-package-input "openpmix")) (string-append "--with-prrte=" #$(this-package-input "prrte")) ;; Since 5.x, Infiniband support is provided by ucx. ;; See https://docs.open-mpi.org/en/main/release-notes/networks.html#miscellaneous-network-notes (string-append "--with-ucx=" #$(this-package-input "ucx"))) #:phases #~(modify-phases %standard-phases (add-before 'build 'remove-absolute (lambda _ ;; Remove compiler absolute file names (OPAL_FC_ABSOLUTE ;; etc.) to reduce the closure size. See ;; ;; and ;; . (substitute* '("oshmem/tools/oshmem_info/param.c" "ompi/tools/ompi_info/param.c") (("_ABSOLUTE") ""))))) #:disallowed-references (list (canonical-package gcc)))))) (define-public openmpi-c++ (package/inherit openmpi (name "openmpi-c++") (outputs '("out")) (arguments (substitute-keyword-arguments (package-arguments openmpi) ((#:configure-flags flags) #~(cons "--enable-mpi-cxx" #$flags)))) (synopsis "C++ bindings for MPI"))) ;; TODO: javadoc files contain timestamps. (define-public java-openmpi (package/inherit openmpi (name "java-openmpi") (inputs `(("openmpi" ,openmpi) ,@(package-inputs openmpi))) (native-inputs `(("jdk" ,openjdk11 "jdk") ("zip" ,(@ (gnu packages compression) zip)) ,@(package-native-inputs openmpi))) (outputs '("out")) (arguments (cons* #:modules '((guix build gnu-build-system) ((guix build ant-build-system) #:prefix ant:) (guix build utils)) #:imported-modules `((guix build ant-build-system) ,@%default-gnu-imported-modules) (substitute-keyword-arguments (package-arguments openmpi) ((#:configure-flags flags) #~(cons "--enable-mpi-java" #$flags)) ((#:make-flags flags ''()) #~(append '("-C" "ompi/mpi/java") #$flags)) ((#:phases phases) #~(modify-phases #$phases ;; We could provide the location of the JDK in the configure ;; flags, but since the configure flags are embedded in the ;; info binaries that would leave a reference to the JDK in ;; the "out" output. To avoid this we set JAVA_HOME. (add-after 'unpack 'set-JAVA_HOME (lambda* (#:key inputs #:allow-other-keys) (setenv "JAVA_HOME" (assoc-ref inputs "jdk")) #t)) (add-after 'unpack 'link-with-existing-mpi-libraries (lambda* (#:key inputs #:allow-other-keys) (substitute* "ompi/mpi/java/c/Makefile.in" (("\\$\\(top_builddir\\)/ompi/lib@OMPI_LIBMPI_NAME@.la") (search-input-file inputs "/lib/libmpi.la"))))) (add-after 'install 'strip-jar-timestamps (assoc-ref ant:%standard-phases 'strip-jar-timestamps))))))) (synopsis "Java bindings for MPI"))) (define-public openmpi-thread-multiple (package/inherit openmpi (name "openmpi-thread-multiple") (arguments (substitute-keyword-arguments (package-arguments openmpi) ((#:configure-flags flags) #~(cons "--enable-mpi-thread-multiple" #$flags)))) (description "This version of Open@tie{}MPI has an implementation of @code{MPI_Init_thread} that provides @code{MPI_THREAD_MULTIPLE}. This won't work correctly with all transports (such as @code{openib}), and the performance is generally worse than the vanilla @code{openmpi} package, which only provides @code{MPI_THREAD_FUNNELED}."))) ;;; Build phase to be used for packages that execute MPI code. (define-public %openmpi-setup '(lambda _ ;; By default, running the test suite would fail because 'ssh' could not ;; be found in $PATH. Define this variable to placate Open MPI without ;; adding a dependency on OpenSSH (the agent isn't used anyway.) (setenv "OMPI_MCA_plm_rsh_agent" (which "false")) ;; Allow oversubscription in case there are less physical cores available ;; in the build environment than the package wants while testing. (setenv "OMPI_MCA_rmaps_base_mapping_policy" "core:OVERSUBSCRIBE") ;; UCX sometimes outputs uninteresting warnings such as: ;; ;; mpool.c:38 UCX WARN object 0x7ffff44fffc0 was not returned to mpool ucp_am_bufs ;; ;; These in turn leads to failures of test suites that capture and ;; compare stdout, such as that of 'hdf5-parallel-openmpi'. Thus, tell ;; UCX to not emit those warnings. (setenv "UCX_LOG_LEVEL" "error") ;; Starting from 2.9.0, hwloc fails when /sys is unavailable: ;; ;; [hwloc/linux] failed to find sysfs cpu topology directory, aborting linux discovery. ;; ;; This in turn breaks Open MPI users. To work around it, define a fake ;; topology with 4 cores. That silently disables CPU binding, though ;; 'get_cpubind' will report there's no binding. (setenv "HWLOC_SYNTHETIC" "4") #t)) (define-public python-mpi4py (package (name "python-mpi4py") (version "3.1.4") (source (origin (method url-fetch) (uri (pypi-uri "mpi4py" version)) (sha256 (base32 "101lz7bnm9l17nrkbg6497kxscyh53aah7qd2b820ck2php8z18p")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases (add-after 'build 'mpi-setup ,%openmpi-setup) (add-before 'check 'pre-check (lambda _ ;; Skip BaseTestSpawn class (causes error 'ompi_dpm_dyn_init() ;; failed --> Returned "Unreachable"' in chroot environment). (substitute* "test/test_spawn.py" (("unittest.skipMPI\\('openmpi\\(<3.0.0\\)'\\)") "unittest.skipMPI('openmpi')")) #t))))) (inputs (list openmpi)) (properties '((updater-extra-inputs . ("openmpi")))) (home-page "https://github.com/mpi4py/mpi4py") (synopsis "Python bindings for the Message Passing Interface standard") (description "MPI for Python (mpi4py) provides bindings of the Message Passing Interface (MPI) standard for the Python programming language, allowing any Python program to exploit multiple processors. mpi4py is constructed on top of the MPI-1/MPI-2 specification and provides an object oriented interface which closely follows MPI-2 C++ bindings. It supports point-to-point and collective communications of any picklable Python object as well as optimized communications of Python objects (such as NumPy arrays) that expose a buffer interface.") (license license:bsd-3))) (define-public mpich (package (name "mpich") (version "4.2.2") (source (origin (method url-fetch) (uri (string-append "http://www.mpich.org/static/downloads/" version "/mpich-" version ".tar.gz")) (sha256 (base32 "0h8xg1wi2d88hnfmj3xydf1hj78r7fh05jljhk5jgxmbmsrmngw8")))) (build-system gnu-build-system) (inputs `(,zlib (,hwloc-2 "lib") ,slurm ,@(if (and (not (%current-target-system)) (member (%current-system) (package-supported-systems ucx))) (list ucx) '()))) (native-inputs (list perl which gfortran python-minimal)) (outputs '("out" "debug")) (arguments `(#:configure-flags (list "--disable-silent-rules" ;let's see what's happening "--enable-debuginfo" ;; Default to "ch4", as will be the case in 3.4. It also works ;; around issues when running test suites of packages that use ;; MPICH: . "--with-device=ch4:ucx" ; --with-device=ch4:ofi segfaults in tests (string-append "--with-hwloc-prefix=" (assoc-ref %build-inputs "hwloc")) ,@(if (assoc "ucx" (package-inputs this-package)) `((string-append "--with-ucx=" (assoc-ref %build-inputs "ucx"))) '())) #:phases (modify-phases %standard-phases (add-after 'unpack 'patch-sources (lambda _ (substitute* "./maint/gen_subcfg_m4" (("/usr/bin/env") (which "env"))) (substitute* "src/glue/romio/all_romio_symbols" (("/usr/bin/env") (which "env"))) (substitute* (find-files "." "buildiface") (("/usr/bin/env") (which "env"))) (substitute* "maint/extracterrmsgs" (("/usr/bin/env") (which "env"))) (substitute* (find-files "." "f77tof90") (("/usr/bin/env") (which "env"))) (substitute* (find-files "." "\\.sh$") (("/bin/sh") (which "sh"))))) (add-before 'configure 'fix-makefile (lambda _ ;; Remove "@hwloclib@" from 'pmpi_convenience_libs'. ;; This fixes "No rule to make target '-lhwloc', needed ;; by 'lib/libmpi.la'". (substitute* "Makefile.in" (("^pmpi_convenience_libs = (.*) @hwloclib@ (.*)$" _ before after) (string-append "pmpi_convenience_libs = " before " " after))))) (add-before 'configure 'define-gfortran-wrapper (lambda* (#:key inputs #:allow-other-keys) ;; 'configure' checks whether the Fortran compiler ;; allows argument type mismatch. Since gfortran >= 10 ;; does not, provide a wrapper that passes ;; '-fallow-argument-mismatch' to get the desired ;; behavior. (mkdir-p ".gfortran-wrapper/bin") (call-with-output-file ".gfortran-wrapper/bin/gfortran" (lambda (port) (display (string-append "#!" (which "sh") "\n") port) (display (string-append "exec \"" (which "gfortran") "\" -fallow-argument-mismatch" " \"$@\"\n") port) (chmod port #o755))) (setenv "PATH" (string-append (getcwd) "/" ".gfortran-wrapper/bin:" (getenv "PATH")))))))) (home-page "https://www.mpich.org/") (synopsis "Implementation of the Message Passing Interface (MPI)") (description "MPICH is a high-performance and portable implementation of the Message Passing Interface (MPI) standard (MPI-1, MPI-2 and MPI-3). MPICH provides an MPI implementation that efficiently supports different computation and communication platforms including commodity clusters, high-speed networks (10 Gigabit Ethernet, InfiniBand, Myrinet, Quadrics), and proprietary high-end computing systems (Blue Gene, Cray). It enables research in MPI through a modular framework for other derived implementations.") (license license:bsd-2))) (define-public mpich-ofi (package/inherit mpich (name "mpich-ofi") (inputs (modify-inputs (package-inputs mpich) (delete ucx) (append libfabric) (append rdma-core) (append psm2))) (arguments (substitute-keyword-arguments (package-arguments mpich) ((#:configure-flags flags) #~(list "--disable-silent-rules" ;let's see what's happening "--enable-debuginfo" "--with-device=ch4:ofi" (string-append "--with-hwloc-prefix=" #$(this-package-input "hwloc")) (string-append "--with-libfabric=" #$(this-package-input "libfabric")))) ((#:phases phases '%standard-phases) phases))) (synopsis "Implementation of the Message Passing Interface (MPI) for OmniPath")))